cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-google’ approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.

Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that’s true or not…

  • 50MYT@aussie.zone
    link
    fedilink
    arrow-up
    11
    arrow-down
    3
    ·
    edit-2
    5 days ago

    Your options are:

    Apple phone

    Bloated android phone like Samsung etc.

    Chinese android phone (xiami etc)

    Google phone with Android

    Google phone with graphene. This still looks like the best of those options.

    Or no phone? I guess people are hardcore enough that will be the option.

    Edit: I stand corrected.

      • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        4 days ago

        All of these are insecure as hell. Linux phones especially https://madaidans-insecurities.github.io/linux-phones.html

        Fairphone also really fucked up: They signed their own OS with the publicly available (!) AOSP test signing keys. These guys really don’t know that they’re doing, and I would trust their hardware or software whatsoever. And no, installing a custom ROM doesn’t solve this. Considering how bad their security practices are, we genuinely have to assume that there are security issues with the device firmware as well.

        /e/OS is based on the already insecure LineageOS, and it weakens the security further, so it’s not a good option either.

        None of the options you mentioned can be compared to GrapheneOS. It’s currently the best option if you value your privacy and security. You don’t have to give Google money either, since you can just buy a used device, which is also cheaper and more environmentally friendly. Google also makes repairing their devices pretty easy for consumers and even works with iFixit. Here’s a Mastodon post I recently saw about that: https://social.linux.pizza/@midtsveen/113630773097519792

        • Venia Silente@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 days ago

          An used Pixel, assuming I can find one in my country, still costs four (4) times what I need to shell out for a in-market Lineage compatible phone.

          Theoretical security is cute, but it has to be adjusted to practical feasibility. The most secure computer in the world is useless to you if you can’t boot it up.

          • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            20 hours ago

            Security-wise you’re better off using whatever OS comes with your device (as long as it gets updates) than downgrading to LineageOS. At least most smartphone vendors (except for Fairphone) manage to ship their Stock OS with a locked bootloader and somewhat working Verified Boot.

            • Venia Silente@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 day ago

              Security-wise you’re better off using whatever OS comes with your device

              So, Android 9 / 10?

              I’m sure not as heck going to spend zillions on a new phone (or a hard-to-find used one) when the one I have still works perfectly.

                • Venia Silente@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  13 hours ago

                  Well, on my phone that back in stock could only do up to Android 10, Lineage gives me Android 11 (maybe 12, haven’t checked) so it’s still a serious win.

                  Now, if you insist that I shall have an up-to-date device from the official manufacturer with all the bloatware, same planned obsolescence and zero control, or even worse a 4× overpriced Pixel, maybe you are so assured of this superiority that you’d be willing to fund it?

      • Killercat103@slrpnk.net
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        5 days ago

        Is swiftphone its own thing or did you mean shiftphone? I kinda want the shiftphone 8 myself even if they only ship to neighboring countries of mine.

      • SeekPie@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        5 days ago

        I don’t think LOS has any privacy/security improvements over the stock android?

        (IIRC) it’s even worse than stock because you can’t lock the bootloader after installation.

        Though if your phone isn’t getting official updates, it’s probably safer with LOS.

          • SeekPie@lemm.ee
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            5 days ago

            Yeah, I myself am using CalyxOS, because DivestOS doesn’t support the Fairphone 5 unfortunately. CalyxOS also has relocking.

            • 211@sopuli.xyz
              link
              fedilink
              arrow-up
              2
              ·
              5 days ago

              Calyx also comes with MicroG, right? So mitigates many problems with a bit more Google.

              And Fairphone 4 here, partly for Divest (had it on Oneplus 6 before this and just used to it), partly because of a good deal for a barely used one.

              • SeekPie@lemm.ee
                link
                fedilink
                arrow-up
                2
                ·
                5 days ago

                (IMHO) CalyxOS is a good balance between security and usability. Better than LineageOS, worse than GrapheneOS (and DivestOS).

                • 211@sopuli.xyz
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  5 days ago

                  Amen to that. Everyone has their own balance point, Calyx seems to hit that for many.

                  • SeekPie@lemm.ee
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    edit-2
                    5 days ago

                    Forgot to say that yes, CalyxOS does have microG, though you don’t need to log into Google to download apps from Aurora. Login is only required for apps from Google (like maps, gmail etc).

                    I also got the Fairphone 5 because of the used price! Mine was 300€ with a slightly burned in screen (it was used as a store display model), though I only notice it when on a completely white screen and looking for it.

        • Venia Silente@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 days ago

          (IIRC) it’s even worse than stock because you can’t lock the bootloader after installation.

          That’s a problem with the phone manufacturer, not with Lineage.

          • Not with GrapheneOS, since you can entirely disable the USB controller from the settings on a driver level, making it impossible to connect the phone to a forensic data extraction device. GrapheneOS also has a convenient auto-reboot feature, which (together with their patches to the Linux kernel and Fastboot recovery OS to include memory zeroing) erases the encryption keys from memory, putting the device in BFU state and requiring the PIN/password to unlock. This is additionally secured by the Titan M2 secure element, which makes use of the Weaver API and drastically throttles brute-force unlock attempts. https://grapheneos.org/faq#encryption

              • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                3
                arrow-down
                1
                ·
                3 days ago

                Those conspiracy theories often come up in discussions here on Lemmy, but the TLDR is: Google is a tiny player in the smartphone market, compared to vendors like Apple, Samsung, Huawei, Xiaomi, and others (https://www.statista.com/chart/25463/popularity-of-google-smartphones/). They also serve a much smaller geographical region than most other manufacturers. The Pixel 9 lineup, for example, is only sold in 32 countries. Most of those are wealthy industrial nations. Google doesn’t even try to assume market share in developing countries in Africa and Asia. It can also be assumed that over 97% of Google Pixel users keep the Stock Pixel OS, where Google doesn’t need a hardware backdoor since they can just implement it in software. So that leaves only a tiny fraction of all users: people in some wealthy industrial nation who specifically buy a Pixel to install a custom ROM. GrapheneOS for example has about 300K users. Do you really think Google would put in the effort to create a hardware backdoor and take all the risk associated with it (negative PR, loss of sales, etc.) just to collect some data about this tiny amount of users? Google already controls EVERY Android phone on the market by forcing vendors to include Google Play Services as a system application through their contracts, licensing and monopolistic market position. Be realistic for a second, and you will realize that your backdoor theories make absolutely no sense and that no business in the world would ever take such a huge risk with such little reward.

                • ryannathans@aussie.zone
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  3 days ago

                  Bare in mind the chipset is the Google Tensor G4, they already had to design and build their own hardware. We don’t know everything it can do

                  • We don’t know everything it can do

                    Neither do we know this about any other CPU on the market. All chipsets on the market are proprietary. All of them. And no, despite many people (who don’t know anything about what they are talking about) claiming this, RISC-V won’t actually solve any of these issues. Sure, the ISA is open source, but the ISA would be the worst place for malicious actors to introduce a backdoor. I can guarantee you that despite using the RISC-V ISA, the chips themselves will still be fully proprietary and the IP will be highly protected as trade secrets. You can build a fully RISC-V conformant chip with a backdoor, there’s absolutely nothing in place that could stop this, and it surely won’t change for the forseeable future.

    • zerozaku@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      5 days ago

      Xiaomi has the biggest custom ROM scene out there btw despite them trying their hardest to stop bootloader unlocking. You really don’t need to have a company supporting unlocking to make ROMs for them. If they outright block it then that’s an issue.

        • DoeJohn@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          2 days ago

          My friend just got a new Xiaomi phone. He tried unlocking it a few days ago and got “try again in 168 hours”. That happened in Europe. It’s an absolute mess nowadays, I remember when they started blocking you from unlocking the bootloader. First you had to wait 24 hours, then 3 days, now it’s an entire week. You also need to make sure you’re logged into your Mi Account on both phone and PC and do even more weird fuckery to ensure the process actually go through. Meanwhile, on GOOGLE Pixel devices you just type one command after you enable oem unlocking in settings and reboot into fastboot mode. Crazy.